I. Name and address of the data controller

The responsible person within the meaning of the General Data Protection Regulation law and other national data protection laws within Germany's federal states, as well as any other provisions on data protection, is:

Information on collecting your personal data in accordance with article 13 of the General Data Protection Regulation (GDPR):

The data protection officer for the data controller is:

Rehm Datenschutz Eugen-Sänger-Ring 13 85649 Brunnthal

The purpose of the processing of your personal data is to fulfill the contract / contractual measures. (Article 6 par. 1 lit. b) EUDataP). If necessary for fulfilling the contract, your data are handed off to printers for order fulfillment, and will not be disclosed to third countries.

We delete unneeded personal data (designs, layouts) three months after performance of the contract. If we are allowed to keep your data for reorders longer, so you have below the possibility to contact us for this. We save personal data of the contract 10 years (§ 257 HGB, § 147 AO, § 14 UStG).

The provision of personal data is necessary for the contract otherwise we cannot fulfill the contract. There is no automated decision making / profiling. If you want a longer storage of your personal data for a later order, please inform us by email to: info@gmund.com .

IV. General information on data processing

1. Scope of processing of personal data

We generally only process our users' personal data if we require this data to offer you the full functionality of our website, or if the information is required for access to our content and services. Users' personal data is usually only processed once the user provides their consent. The exception to this rule applies in cases in which it is not possible to obtain prior consent for practical reasons and the processing of this data without permission is permitted by law.

2. Legal basis for processing personal data

Article 6, section 1, item a) of the EU General Data Processing Regulation (GDPR) serves as the legal basis for processing personal data in cases where the user has provided permission for us to do so. In cases where processing personal data is necessary for the performance of a contract that the user in question has signed, article 6, section 1, item b) of the GDPR applies. This also applies for processing procedures that are required for the performance of pre-contractual measures. If the processing of personal data is required for the fulfilment of legal obligations that our company is subject to, article 6, section 1, item c) of the GDPR applies. For cases in which the vital interests of the person concerned, or those of another natural person, make it necessary to process personal data, article 6, section 1, item d) of the GDPR applies. If the processing of personal data is necessary to safeguard the interests of our company or a third party, and the interest, fundamental rights and freedoms of the data subject do not outweigh these interests, article 6, section 1, item f) of the GDPR applies as the legal basis for processing data.

3. Erasure of data and duration of data storage

The personal data of the person concerned is deleted or blocked as soon as the data has served its purpose. Data may be stored beyond this period if provisions are made to this effect by European and national legislators in regulations, laws or other legal texts in accordance with the union law that the data controller is subject to. The data will also be deleted or blocked if the storage period specified in these regulations expires, unless the storage of this data for a longer period is required for the conclusion of a contract or the fulfilment of contractual obligations.

V. Provision of the website and creation of log files

1. Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the user accessing the site. The following data is collected as part of this process:

(1) Information on the browser type and version (2) The user's operating system (3) The user's internet service provider (4) The user's IP address (5) The date and time of website access (6) Website from which the user's system directs the user to our website (7) Any websites the user's system accesses via our website

Data is also stored in log files on our system. Neither this data nor any other personal data about the user is stored.

2. Legal basis for processing data

The legal basis for temporary storage of data and log files can be found in article 6, section 1, item f) of the GDPR.

3. Purpose of processing personal data

Temporary storage of IP addresses on the system is necessary in order to make the website available on the user's computer. The user's IP address must be stored for the duration of the session. IP addresses are stored in log files to ensure the functionality of the website. This data also helps us to optimise our website and ensure the security of our IT systems. Data stored in this way is not evaluated for marketing purposes. These purposes also constitute legitimate interest for processing data within the meaning of article 6, section 1, item f) of the GDPR.

4. Duration of storage

Data is deleted as soon as the purposes it has been collected for have been fulfilled. If the collection of data is necessary for the provision of the website, data is deleted as soon as the respective session is complete. If data is stored in log files, data will be deleted no more than two months after the website is accessed. It is possible that data will be stored for a longer period. In this case, the user's IP address is deleted or distorted, to ensure that the customer accessing the site can no longer be identified.

5. Revocation and deletion

The collection of data for the provision of the website and the storage of data in log files is essential to the operation of the website. There is therefore no possibility for the user to opt out.

VI. Use of cookies

a) Description and scope of data processing

Our website uses cookies. Cookies are small text files stored in your website browser/in the website browser of the user's computer system. When a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a unique string of characters that make it possible to identify the browser if the user accesses the website again.

We use cookies to make our website more user-friendly. Certain elements on our website require us to be able to identify the browser of the user accessing the website even if the user comes back to the site after leaving. The following data is therefore stored and transferred in our cookies:

Name of cookies, trackers, social media plug-ins

Type

Category

Function

Name of provider, address, country

What personal data is collected?

Location where data is saved

Transmission type

Storage period

GeoCountryId

Cookie

Required

Redirect to the correct storeview depending from the country

Own cookie

Personal data (country code of the visitor)

local PC

encrypted

24 hours

GeoCountryIdOrig

Cookie

Required

Redirect to the correct storeview depending from the country

Own cookie

Personal data (country code of the visitor)

local PC

encrypted

24 hours

GeoStoreViewId

Cookie

Required

Redirect to the correct storeview depending from the country

Own cookie

local PC

encrypted

24 hours

GeoStoreViewUrl

Cookie

Required

Redirect to the correct storeview depending from the country

Own cookie

local PC

encrypted

24 hours

frontend

Cookie

Required

Session cookie for saving e.g. the cart content and leaving the customer logged-in

Own cookie

lokcal PC

encrypted

12 hours

external_no_cache

Cookie

Required

Controls that some parts of the website should not be loaded from the cache

Own cookie

local PC

encrypted

1 hour

Our website also uses cookies that enable us to analyse the browsing behaviours of users. As a result, the following data may be transmitted:

User data collected in this way is pseudonymised by means of technical procedures. This means it is no longer possible to attribute the data to the user accessing the website. The data is not stored together with the user's other personal data.When our website is accessed, the user is informed of the use of cookies on the website for the purposes of analysis and a link to this data protection declaration is provided. Information is also provided on how the storage of cookies can be prevented in their browser settings.Each time a user accesses our website, they are informed of the use of cookies for the purpose of analysis and are requested to provide permission for their personal data to be processed in this way. They are also provided with a link to this data protection declaration.

Cookie notice will not be displayed again if the visitor closes the cookie notice.

Own cookie

local PC

encrypted

1 year

b) Legal basis for processing data

The legal basis for processing personal data using cookies can be found in article 6, section 1, item f of the GDPR.

c) Purpose of processing personal data

The purpose of using technical cookies is to make the website easier for the user to navigate. Certain functions on our website cannot be provided without the use of cookies. For these functions, it is necessary for the website to be able to recognise the browser even after the user navigates away from the website.The use of cookies is required for the following applications:

User data collected using technical cookies is not used to create user profiles.The purpose of analytical cookies is to improve the quality and content of our website. Using analytical cookies, we can learn about how our website is used in order to continuously improve it.

These purposes also constitute legitimate interest for processing of personal data within the meaning of article 6, section 1, item f) of the GDPR.

d) Duration of storage/revocation and deletion options

Cookies are stored on the user's computer before being transferred to our website. Users therefore have full control over how cookies are used. By changing the settings in your internet browser, you can deactivate or limit the transmission of cookies. Stored cookies can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that certain functions will no longer be available.

VII. Newsletter

1. Description and scope of data processing

Our website provides users the option to sign up for our free newsletter. When users subscribe to our newsletter, the data they provide on the subscription form is sent to us.This data is: Email address.

The following additional information is collected during the subscription process:

(1) IP address of the computer from which the website is accessed(2) The date and time of subscription

During the subscription process, the user is asked to provide their consent for their data to be processed. A link to this data protection declaration is also provided.None of the data processed as part of the subscription to our newsletter is shared with third parties. The data is used exclusively for the purpose of sending you our newsletter.

2. Legal basis for processing data

The legal basis for processing data as part of our newsletter subscription process can be found in article 6, section 1, item a) of the GDPR.

3. Purpose of processing personal data

We collect users' email addresses for the purposes of delivering our newsletter. Any other personal data collected as part of the subscription process is used to prevent the misuse of services or the email address provided.

4. Duration of storage

Data is deleted as soon as the purposes it has been collected for have been fulfilled. Users' email addresses are stored for as long as they remain subscribed to our newsletter. Any personal data collected as part of the subscription process is generally deleted after 2 months.

5. Revocation and deletion options

Users can unsubscribe from our newsletter at any time. A link is provided in each newsletter that users can click on to unsubscribe. The option is also provided to revoke permission for the storage of any personal data collected during the subscription process.

VIII. Registration

1. Description and scope of data processing

We provide users with the option to register on our website by entering their personal data. This data is entered into an online registration form before being transferred to us and stored on our system. This data is not shared with any third parties. The following data is collected as part of the registration process:

At the time of registration, the following additional data is collected:

(1) The user's IP address(2) The date and time of subscription

Users are asked to provide their consent for this data to be processed as part of the registration process.

2. Legal basis for processing data

The legal basis for processing data once consent has been provided can be found in article 6, section 1, item a) of the GDPR.If registration is required for the fulfilment of a contract the user is party to, or for the implementation of pre-contractual measures, an additional legal basis for the processing of this data can be found in article 6, section 1, item b) of the GDPR.

3. Purpose of processing personal data

If registration is required in order to conclude a contract with the user:

Users are required to register on our website for the purposes of concluding contracts or for the implementation of pre-contractual measures.

The registration is necessary for processing an order in the webshop.

4. Duration of storage

Data is deleted as soon as the purposes it has been collected for have been fulfilled.

This applies to data collected during the registration process in order to conclude a contract or for the implementation of pre-contractual measures, if the data is no longer required for the fulfilment of the contract. Even once the contract has been concluded, it may be necessary to store the contractual partner's personal data in order to meet contractual or statutory obligations.

5. Revocation and deletion options

As a user, you have the option to cancel your registration at any time. You also have the option to modify the data you have provided at any time. If you want to modify the data you provided, you can do this by yourself online in your account. Go to www.gmund.com and click on “Log In”. Enter your login data and klick on “My account”. Here you can modify the data you provided.

If the data is required for the fulfilment of a contract or for the implementation of pre-contractual measures, data can only be deleted if there are no legal requirements preventing the deletion of this data.

IX. Contact forms and email contact

1. Description and scope of data processing

A contact form is available on our website that can be used to get in touch with us online. If a user takes advantage of this service, the data entered into the contact form is transferred to us and stored on our system. This data includes:

First name, last nameEmail addressCompany nameAddressTelephone numberCountryFree text field

At the time at which the message is sent, the following additional data is collected:

(1) The user's IP address(2) The date and time of subscription

During the subscription process, the user is asked to provide their consent for their data to be processed. A link to this data protection declaration is also provided.Alternatively, it is possible to contact us using the email address provided. In this case, the personal data transferred when the email was sent is stored on our system.

None of the data collected for these purposes is shared with third parties. The data is used exclusively for the purpose of processing the conversation.

2. Legal basis for processing data

The legal basis for processing data once consent has been provided can be found in article 6, section 1, item a) of the GDPR.The legal basis for processing data transferred when a user sends an email can be found in article 6, section 1, item a) of the GDPR. If the email is sent for the purposes of concluding a contract, the legal basis for processing this data can also be found in article 6, section 1, item b) of the GDPR.

3. Purpose of processing personal data

The sole purpose of processing personal data provided in our on-line form is to process any communication between our company and the respective user. If a user contacts us by email, this also constitutes a legitimate interest for processing data. Any other data processed when a user sends an email is used to prevent the misuse of our contact form and ensure the security of our IT systems.

4. Duration of storage

Data is deleted as soon as the purposes it has been collected for has been fulfilled. In the case of personal data entered into the contact form, as well as any data sent to us by email, data is deleted once the respective conversation with the user is terminated. The conversation is deemed as terminated once the respective situation is resolved. Any additional personal data collected when an email is sent is generally deleted no later than 2 months after being stored.

5. Revocation and deletion options

The user has the option to revoke their consent for their data to be processed at any time. If the user contacts us by email, they can revoke their consent for their data to be stored at any time. In this case, the conversation cannot be carried on any further.

XI. Rights of the data subject

If your personal data is processed, you are deemed a 'data subject' within the meaning of the GDPR and have the following rights.

1. Right to information

You may ask the data controller to confirm whether any personal data concerning you is processed by us. If this is the case, you can request the following information from the data controller:

(1) the purposes for which the personal data is processed;(2) the categories of personal data processed;(3) the recipient or categories of recipients the respective personal data has been shared with or continues to be shared with;(4) the planned storage duration of the respective personal data or, if no specific information is available, the criteria for determining storage duration(5) whether you have the right to rectification or erasure with regard to the respective personal data, the right to restriction of processing carried out by the data controller or the right to object to processing; (6) whether you have the right to appeal to a supervisory authority;(7) all available information regarding the origin of the data, if the personal data has not been collected from the data subject;(8) whether an automated individual decision-making process including profiling exists in accordance with article 22, sections 1 and 4 of the GDPR and, in this case, what authoritative information is available on the logic involved, as well as the scope and intended effects of this type of processing on the data subject.

You have the right to request information regarding whether your personal data is shared with another country or state, or to an international organisation. In this regard, you may request information on the appropriate guarantees in accordance with article 46 of the GDPR in relation to transfer of data.

2. Right to rectification

You have the right to obtain from the data controller rectification and/or completion of your data if the processed data concerning you is inaccurate or incomplete. The data controller is required to make the correction without undue delay.

3. Right to restriction of processing

Under the following circumstances, you may request the restriction of processing of any of your personal data:(1) if you contest the accuracy of your personal data for a period of time that enables the data controller to verify the accuracy of your personal information;(2) if the processing is unlawful and you refuse the erasure of the personal data in favour of restricted use of the personal data;(3) the data controller no longer requires the personal data for processing purposes, but you require it for the establishment, exercise, or defence of legal claims;(4) You have objected to processing pursuant to article 21, section 1 of the GDPR pending verification of whether the legitimate grounds of the controller override your own.If the processing of your data is restricted, this data will – with the exception of storage – only be processed with your consent or for the establishment, exercise of defence of legal claims or for the protection of the rights of another natural person or for reasons of important public interest of the Union or of a member state.If you have obtained restriction of processing pursuant to the aforementioned provisions, you will be informed by the controller before the restriction of processing is lifted.

4. Right to erasure

a) Erasure obligation

You may request from the data controller that your personal data be deleted without undue delay. The data controller is under obligation to delete the data without undue delay if any of the following points apply:(1) the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;(2) the data subject withdraws consent on which the processing is based according to article 6, section 1, item a), or article 9, section 2 GDPR, and where there is no other legal ground for the processing; (3) the data subject objects to the processing pursuant to article 21, section 1 GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to article 21, section 2 GDPR; (4) the personal data has been unlawfully processed; (5) the personal data has to be deleted for compliance with a legal obligation in the Union or Member State law to which the controller is subject; (6) the personal data has been collected in relation to the offer of information society services referred to in article 8, section 1.

b) Information for third parties

Where the data controller has made the personal data public and is obliged pursuant to article 17, section 1 GDPR to delete the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers who are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, that personal data.

c) Exceptions

Right to erasure does not apply to the extent that processing is necessary(1) for exercising the right of freedom of expression and information;(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;(3) for reasons of public interest in the area of public health in accordance with article 9, section 2, items h), and i), and article 9, section 3 of the GDPR.(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89, section 1 of the GDPR in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing, or(5) for the establishment, exercise or defence of legal claims.

5. Right to notification

If you have the right to notification, erasure or restriction of processing, the data controller is required to communicate this rectification, erasure or restriction to all recipients to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort.You have the right to be informed by the data controller about these recipients.

6. Right to data portability

You have the right to receive any personal data you have provided to the data controller in a structured, commonly used, machine-readable format. You also have the right to transmit this data to another data controller without hindrance from the controller to which you have provided your data, if(1) the processing is based on consent pursuant to article 6, section 1, item a) of the GDPR or article 9, section 2, item a) of the GDPR or on a contract pursuant to article 6, section 1, item b) of the GDPR; and(2) the processing is carried out by automated means.In exercising this right, you also have the right to have the personal data transmitted directly from one controller to another, where technically feasible. This must not adversely affect the rights and freedoms of others.

The right to portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.

7. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data based on article 6 section 1 item e) or f) of the GDPR, including profiling based on those provisions. The data controller will no longer process the personal data unless they demonstrate compelling legitimate grounds for processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.If your personal data is processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.If you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes.In the context of the use of information society services and notwithstanding Directive 2002/58/EC, you have the option to exercise your right to object by automated means using technical specifications.

8. Right to revoke the data protection consent declaration

You have the right to revoke your data protection consent declaration at any time. Revocation of consent does not affect the legality of any processing carried out on the basis of consent prior to revocation.

9. Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects that concern you or affects you in a similarly significant way. This does not apply if the decision (1) is necessary for entering into, or performance of, a contract between you and the data controller;(2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your own rights and freedoms and legitimate interests or(3) is based on your explicit consent.

These decisions must be not be based on special categories of personal data referred to in Article 9, section 1 of the GDPR, unless article 9, section 2, item a) or g) of the GDPR apply and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.In the cases referred to in points (1) and (3), the data controller will implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

10. Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to complain to a supervisory authority, in particular in the member state you are a resident of, your place of work, or place of alleged infringement if you believe that the processing of your personal data violates the provisions of the GDPR. The supervisory authority to which the complaint has been submitted must inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to article 78 of the GDPR.

Hello!

Thank you for visiting us from the USA. We are passionate about paper. Our mill is in Gmund am Tegernsee, in Southern Germany. On our international pages, you’ll find innovative papers, news about our company, and important sales information.